| UAF 1.1 | Description |
|---|---|
| Achieved Effect | A dependency relationship that exists between an Actual State (e.g., observed/measured during testing) of an element that attempts to achieve a Desired Effect and an Achiever. |
| Achiever | An Actual Resource, Actual Project or Actual Enterprise Phase that can deliver a Desired Effect. |
| Actual Condition | The Actual State of an environment or location describing its situation. |
| Actual Enduring Task | An actual undertaking recognized by an enterprise as being essential to achieving its goals - i.e. a strategic specification of what the enterprise does. |
| Actual Enterprise Phase | An Actual State that describes the phase of an Enterprise endeavour. |
| Actual Environment | The Actual State that describes the circumstances of an Environment. |
| Actual Project Role | An Actual Project that is applied to a Project Role. |
| Actual Resource | Role in an Organization, where the role carries the authority to undertake a function - though the Actual Organizational Resource given the role has the responsibility. |
| Actual Resource Role | An instance of a System Resource. |
| Actual Responsibility | The duty required of a Person or Organization. |
| Actual Responsible Resource | An abstract grouping of responsible Organizational Resources. |
| Actual Service | An instance of a Service Specification. |
| Actual State | Abstract element that applies temporal extent to a set of elements realized as Instance Specifications. |
| Architecture | An abstract element that represents a generic architecture. Subtypes are Logical Architecture and Physical Architecture. |
| Asset | Asset as applied to Security views, an abstract element that indicates the types of elements that can be considered as a subject for security analysis. |
| Asset Role | Asset Role as applied to Security views, an abstract element that indicates the type of elements that can be considered as a subject for security analysis in the particular context. |
| Capability For Task | An abstraction relationship that asserts that a Capability is required in order for an Enterprise to conduct a phase of an Enduring Task. |
| Competence To Conduct | An abstraction relationship used to associate a Function with a specific set of Competencies needed to conduct the Function |
| Concern | Interest in an Enterprise Phase (Enterprise Phase is synonym for System in ISO 42010) relevant to one or more of its stakeholders. |
| Consumes | A Consumes relationship is an abstraction relationship that asserts that a service in someway contributes or assists in the execution of an Operational Activity. |
| Data Role | A usage of Data Element that exists in the context of an Resource Asset. It also allows the representation of the whole-part aggregation of Data Elements. |
| Enhances | A dependency relationship relating the Tailored Security Control to a Security Control. |
| Fielded Capability | An actual, fully-realized capability. A Fielded Capability is typed by a Capability Configuration. |
| Information Role | A usage of Information Element that exists in the context of an Operational Asset. It also allows the representation of the whole-part aggregation of Information Elements. |
| Measurable Element | Abstract grouping for elements that can be measured by applying Measurement Sets to them. |
| Mitigation Role | An abstract element that indicates the types of elements that can be considered as a subject for mitigating against a risk. |
| Operational Interface | A declaration that specifies a contract between the Nodes it is related to and any other Nodes it can interact with. |
| Operational Mitigation | A set of security measures intended to address against specific cyber risks. Comprises a subset of Security Controls that are required to protect the asset at node (Operational Role). |
| Operational Asset | An abstract element used to group the elements of Operational Agent and Information Element allowing them to own Information Roles. |
| Operational Signal | An Operational Signal is a specification of a kind of communication between operational performers in which a reaction is asynchronously triggered in the receiver without a reply. |
| Organization In Enterprise | An abstraction relationship relating an Actual Organization to an Actual Enterprise Phase to denote that the Actual Organization plays a role or is a stakeholder in an Actual Enterprise Phase. |
| Performs In Context | An abstraction relationship that relates an Operational Action to a Operational Role, or a Function Action to a Resource Role. It indicates that the action can be carried out by the role when used in a specific context or configuration. |
| Project Activity | An activity carried out during a project. |
| Project Activity Action | The Project Activity Action is defined as a call behavior action that invokes the activity that needs to be preformed. |
| Project Role | Usage of a Project in the context of another Project. Creates a whole-part relationship. |
| Protects | A dependency that asserts that a Security Control is required to protect an Asset. |
| Protects In Context | A dependency relationship that relates a Security Control Action to a Operational Role, or a Resource Role. It indicates that Security Control is required to protect an Asset in a specific context or configuration. |
| Protocol Stack | A sub-type of Protocol that contains the Protocol Layers, defining a complete stack. |
| Required Service Level | A sub type of Actual Service that details a specific service level required of the provider. |
| Resource Asset | An abstract element used to group the elements of Resource Performer and Data Element allowing them to own Data Roles |
| Resource Interface | A declaration that specifies a contract between the System Resources it is related to and any other System Resources it can interact with. It is also intended to be an implementation of a specification of an Interface in the Business and/or Service layer. |
| Resource Mitigation | A set of security measures intended to address specific cyber risks. Comprises a subset of Tailored Security Controls that are used to protect the asset at resource (Resource Role). |
| Resource Signal | A Resource Signal is a specification of a kind of communication between resources (ResourcePerformers) in which a reaction is asynchronously triggered in the receiver without a reply. |
| Risk | A statement of the impact of an event on Assets. It represents a constraint on an Asset in terms of adverse effects, with an associated measure of the likelihood of the event’s occurrence. Software related security risks are those risks that arise from the loss of confidentiality, integrity, or availability of information or information systems. |
| Security Constraint | A type of rule that captures a formal statement to define access control policy language. |
| Security Control | A type of Operational Activity that specifies a safeguard or countermeasure prescribed for Operational Performer. It is intended to protect the confidentiality, integrity, and availability of its information. |
| Security Control Action | A call of a Security Control in the context of another Security Control. It is used to show how a set of Security Controls can be used to protect an asset at node (Operation Role). |
| Security Control Family | An element that organizes security controls into a family. |
| Security Endave | An element that is a collection of information systems connected by one or more internal networks under the control of a single authority and security policy. The systems may be structured by physical proximity or by function, independent of location. |
| Security Process | The security-related procedure that satisfies the security control requirement. |
| Security Process Action | A call of a Security Control in the context of another Security Control. It is used to show how a set of Security Controls can be used to protect an asset at node (Node Role). |
| Service Connector | A channel for exchange between two Service Specifications. Where one acts as the consumer of the other. |
| Service Specification | The specification of a set of functionality provided by one element for the use of others. |
| Service Specification Role | Usage of a Service Specification in the context of another Service Specification. Creates a whole-part relationship. |
| Subject Of Risk | An abstract grouping of elements that can be the subject of a Risk. |
| Subject Of Security Constraint | An abstract grouping of elements that can be the subject of a Security Constraint. |
| Tailored Security Control | A type of Function that implements a Security Control, it specifies a safeguard or countermeasure prescribed for a System Resource. It is intended to protect the confidentiality, integrity, and availability of its information. |
| Technology | A sub type of Resource Artifact that indicates a technology domain, i.e. nuclear, mechanical, electronic, mobile telephony etc. |
| Version Succession | A dependency relationship between two Version Of Configurations that denotes that one Version Of Configuration follows from another. |
| Versioned Element | An abstract grouping of System Resource and Service Specification that allows Version Of Configuration to be related to Actual Project Milestones. |